Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Fix for PHP bug #79797
From 03fbc7b6be1559c77c5d748bdc56d99e6bacfe0b Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 14 Jul 2020 17:04:24 +0200
Subject: [PATCH] Fix #79797: Use of freed hash key in the phar_parse_zipfile
function
We must not use heap memory after we freed it.
---
ext/phar/tests/bug79797.phar | Bin 0 -> 274 bytes
ext/phar/tests/bug79797.phpt | 14 ++++++++++++++
ext/phar/zip.c | 2 +-
3 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 ext/phar/tests/bug79797.phar
create mode 100644 ext/phar/tests/bug79797.phpt
diff --git a/ext/phar/tests/bug79797.phar b/ext/phar/tests/bug79797.phar
new file mode 100644
index 0000000000000000000000000000000000000000..21d43d9eeb61ccbd1fd0d14ccee19d2896656a8a
GIT binary patch
literal 274
zcmWIWW@cdkgT~OA?qwg{S^xiMU;tqj1|fz-Ajm7_V+hxFY}v*LQOCd#;LXScV`I|=
zlY`LM%>c<U0-+0#HU`olQ(4(yqRGiADGNXxuw9OhPEH`UtE-!vI}msP0V|Nt4-#bX
p_4V`f2Z9Gcwq8L-Vv&AgPG(}UUP(m>P{a`kh|w(oaso)PBLI@CGamo|
literal 0
HcmV?d00001
diff --git a/ext/phar/tests/bug79797.phpt b/ext/phar/tests/bug79797.phpt
new file mode 100644
index 0000000000..761e5379e0
--- /dev/null
+++ b/ext/phar/tests/bug79797.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #79797 (Use of freed hash key in the phar_parse_zipfile function)
+--SKIPIF--
+<?php
+if (!extension_loaded('phar')) die('skip phar extension not available');
+?>
+--INI--
+phar.cache_list={PWD}/bug79797.phar
+--FILE--
+<?php
+echo "done\n";
+?>
+--EXPECT--
+done
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
index e086354b11..b241c0589b 100644
--- a/ext/phar/zip.c
+++ b/ext/phar/zip.c
@@ -712,7 +712,7 @@ foundit:
efree(actual_alias);
}
- zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, mydata->alias_len, mydata);
+ zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), mydata->alias, mydata->alias_len, mydata);
} else {
phar_archive_data *fd_ptr;
--
2.27.0.windows.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment